BIND 9.7.3 Release Notes HP-UX 11i v3 (5900-3140, July 2013)

ManualsBrandsHP ManualsSoftwareHP-UX 11i v3 ONC and NFS Software

Contents

1 BIND 9.7.3 Release Notes...........................................................................5

Announcement.........................................................................................................................5

What is in this version?.............................................................................................................5

Fully automatic signing of zones by "named"...............................................................................5

Simplified configuration of DNSSEC Lookaside Validation (DLV)......................................................5

Simplified configuration of Dynamic DNS, using the "ddns-confgen" command line tool or the "local”

update-policy option (As a side effect, this also makes it easier to configure automatic zone

re-signing)...............................................................................................................................5

New named option "attach-cache" that allows multiple views to share a single cache.......................5

DNS rebinding attack prevention................................................................................................6

New default values for dnssec-keygen parameters.........................................................................6

Support for RFC 5011 automated trust anchor maintenance............................................................6

Smart signing: simplified tools for zone signing and key maintenance.............................................6

Named and other binaries can now print out a stack backtrace on assertion failure, to aid in

debugging..............................................................................................................................6

Full NSEC3 support..................................................................................................................6

Generating NSEC3 chain.....................................................................................................7

New record for NSEC3........................................................................................................7

Documented interpretations of the octet values.........................................................................7

Automatic zone re-signing.........................................................................................................7

Default PID file location.............................................................................................................8

Default TTL with nsupdate..........................................................................................................8

Randomize server selection on queries.........................................................................................8

Specify max sockets on named command line..............................................................................8

GSS-TSIG support (RFC 3645)....................................................................................................8

More detailed statistics counters.................................................................................................8

Faster ACL processing and efficient LRU cache cleaning mechanism................................................8

NSID support (RFC 5001)..........................................................................................................8

Implementation of "additional section caching" ...........................................................................8

Convenient syntax for already existing options like query-source, server statement in rndc.conf............9

New acl option “allow-query-cache” ..........................................................................................9

Additional fields for already existing options like ixfr-from-differences...............................................9

Journal file names are configurable.............................................................................................9

New control options for rndc like notify, sign, validation and querylog............................................9

Error messages are now more informative....................................................................................9

Scope of some ACL (e.g. allow-update) was changed in named.conf...............................................9

New options to control behavior of DNS NOTIFY.........................................................................9

UNIX domain controls channel are now supported......................................................................10

Introduction of new zonefile format to enhance loading performance.............................................10

Extended post zone load checks. New configuration options for same...........................................10

Dig now has new options........................................................................................................10

Recursive clients for same query can now be controlled with new configuration options....................10

Automatic empty zone are now fully covered as mentioned in RFC 1918 zones...............................10

New update-policy fields added...............................................................................................11

New algorithms support..........................................................................................................11

The EDNS response / reply sizes can now be configured.............................................................11

Defaults have been changed for some configuration and binary options........................................11

DNSSEC validation is set by default and can be unset explicitly....................................................12

SPF (Sender Policy Framework) support......................................................................................12

Support for new resource records..............................................................................................12

New binaries have been added...............................................................................................12

Contents 3